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REMARKS 

As a preliminary matter, the Examiner will note that claims 8-10, 12, 14-17, 19, 21, 24 
and 26 have been amended solely to remove the "means plus function" (MPF) limitations. The 
revised claim formats are believed to be acceptable under current Office practice and procedure. 
No new matter has been included. 
Alleged non-statutory subject matter 

The Examiner is thanked for withdrawing the prior rejection of claims 15-17 and 19-21 
with respect to 35 USC §101. 

Claims 1-3 and 5 are newly-rejected under 35 USC §101 as failing the Bilski machine-or- 
transformation test. To address this rejection, claim 1 has been amended to recite an "entitlement 
server" such as illustrated in FIG. 2 (reference numeral 206) and whose operation is described in 
the accompanying written description text, e.g., at page 16, lines 12-15, page 19, line 15 through 
page 20, line 4, and page 20, line 19 through page 23, line 3 (describing FIG. 4B). No new 
matter has been included. Reconsideration is requested. 
Alleged obviousness 

Claims 1-3, 5, 7-10, 12, 14-17, 19 and 21 remain rejected under 35 USC 103(a) as being 
unpatentable over Kilkkila, U.S. Patent No. 6,854,060, in view of the Burke et al paper. With 
respect, this rejection is traversed. 

At the outset, the Examiner should note that independent claims 1, 8 and 15 have been 
further amended herein to recite that the defined method steps occur "in response to receipt from 
a user of a request to access one of the set of physical resources." This feature is described, for 
example, at page 19, lines 21-23 of the written description (referring to step 402). Thus, the 
recited "method for restricting access to a set of physical resources (see, e.g., claim 1) takes place 
in "response to receipt" of the resource access request. This enables the real-time status of the 
computing environment to influence the response to the user's access request. (See, e.g., the 
discussion at page 2, lines 2-26) 

A determination regarding alleged obviousness under 35 USC § 103(a) requires an 
analysis of the "scope and content" of the cited art. 

Kilkkila teaches defining a set of commands or a set of terminals that are operated by a 
set of commands and then restricting the command set upon one or more events or occurrences. 
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The command set is included in an "access right profile" and, as indicated in FIG. 2 at step 21, 
that "profile" may be changed (by modifying the command set) when "a predetermined situation 
occurs in the operation of the telephone switching system ." 

An "access right profile" in Kilkkila is the only construct in the patent that is modified as 
a result of the predetermined situation that occurs "in the operation of the telephone system. At 
the outset, this "profile" is only modified when "a predetermined situation occurs in the operation 
of the telephone switching system ." The system described in Kilkkila is not responsive to a 
particular user action and, in particular, "in response to receipt of a physical resource access 
request. Rather, Kilkkila' s step 21 (as shown in FIG. 2) appears to operate as a background task 
unrelated to a particular access request. Thus, while the system there cannot and does not 
provide any type of "real-time" evaluation based on the "state information about the set of 
authorized resources" - with "state" being determined at the time of the resource request. 

Moreover, Kilkkila describes two embodiments of the "access right profile," one relating 
to "users" and the other relating to "terminals." (See, column 1, lines 37-39; column 4, line 66 - 
column 5, line 1). A terminal as used in the patent is some form of management interface device 
for managing or controlling some operation of the telephone switching system. In this system, 
apparently a user can use a terminal and enter one or more control commands via a command line 
interface to control some aspect of the telephone switching system operation. 

In the case of an "access right profile" in a first embodiment, that profile includes "which 
MML (Man Machine Language) command language commands the user is authorized to 
execute." (See, column 1, lines 39-42). According to the described system, upon a particular 
occurrence (e.g., a time of day, a utilization rate, a predetermined alarm, a session duration, a 
type of command used, or number of sessions held), the profile is modified, in this embodiment 
to remove or limit the "commands" the user is authorized to execute. (See, column 4, lines 33- 
45). 

In the case of an "access right profile" in a second embodiment, that profile "pertains to a 
given set of terminals" and defines "the circumstance that sessions relating to the management of 
the computer system or telephone switching system can only be activated from a given terminal 
on certain conditions. (See, column 1, lines 47-51). Upon a particular occurrence, in this 
embodiment the system apparently restricts or limits what a particular user can do on a particular 
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terminal identified in the profile. (See, column 4, lines 54-62). Once again, this is a limitation of 
the "commands" themselves. 

Kilkkila does not disclose or suggest any embodiment that restricts access to the 
management terminal itself. Nevertheless, the Examiner contends that the claim limitations are 
met by virtue of the modification of the access right profile and because the "authorized 
commands in Kilkkila represent authorization to utilize the system's processing power to 
perform various tasks." (Office action at Response to Arguments, page 2) This contention, 
however, does not address the new limitation, namely, the requirement that the method steps 
occur "in response to receipt from a user of a request to access one of the set of physical 
resources." 

With respect to the first Kilkkila embodiment (where the access right profile consists of 
just a set of commands that may be performed by a user), this embodiment does not reach the 
claim language. In particular, because the construct that is being modified in Kilkkila is the 
"access right profile" data, the Examiner must be interpreting the "authorized resources" 
limitation as the set of commands that are available in the unmodified profile. According to the 
claim, however, "state information about the set of authorized resources" is then obtained and 
evaluated so that this set can be pruned down to a set of "entitled resources" that the user is then 
permitted to access. In the case of first Kilkkila embodiment, the system there is not obtaining 
"state information" about the "commands" listed in the access right profile and then pruning that 
command list to a "set of entitled [commands]." Rather, in Killkila (the first embodiment), the 
system has a set of commands in the access right profile that are modified according to other 
factors - but not the "state information about the set of authorized resources." In other words, if 
the "authorized resources" equate to the data (the list of commands) in the access right profile, 
then the claim language is not met. 

Regarding the second embodiment, the outcome is no different if the "access right 
profile" consists of a set of terminals. While it is true that a set of terminals is a "set of physical 
resources," the claims (such as representative claim 1) include still other limitations that are not 
met by the embodiment. In particular, claim 1 further requires that the state information be 
evaluated to generate the pruned list (the "entitled resources"), but then the claim goes on to 
require "preventing the user from accessing resources that are in the set of authorized resources 
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but that are not in the set of entitled resources." In this second embodiment, the occurrence of 
the condition that triggers the access right profile modification does not limit access to the 
management terminal; rather, the system only appears to restrict or limit a user's ability to 
enter/execute certain commands from that terminal. Stated another way, access to the physical 
resource - the terminal - is not restricted. Thus, the claim requirement of "preventing the user 
from accessing resources [the "resources" this time being the terminals identified in the profile]" 
is not met in this second embodiment either. 

Kilkkila teaches defining a set of commands or a set of terminals that are operated by a 
set of commands and then restricting the command set upon one or more events or occurrences. 
Despite the similarities in nomenclature, the disclosed method, apparatus and computer program 
product here address a different problem - "restricting access to a set of physical resources in a 
distributed data processing system" where a physical resource is a resource for which access (by 
a user) is controlled or restricted. (See, [0063]. In Kilkkila, and because the only entity being 
modified is the "access right profile," Kilkkila is simply "restricting access" to a set of 
commands in a management interface. While the effect of that restriction might also be to limit 
some function or operation of the telephone switching system, the particular manner as to how 
this system restriction is done is not what is being claimed here. Further, as noted above, the 
Kilkkila mechanism functions when a "predetermined situation occurs in the operation of the 
telephone switching system" as opposed to "in response to receipt from a user of a request to 
access one of the set of physical resources." 

The secondary reference, the Burke paper, does not make up for the deficiencies of 
Kilkkila. The paper is cited merely for the disclosed environment, namely, a "distributed" 
system. The combination of Kilkkila/Burke merely illustrates how an "access right profile" can 
be modified within the context of a distributed system but, as noted above, what is being 
modified in the profile is, in effect, nothing more than a set of commands (either per se, or as 
such commands are associated with a set of identified terminals). This is not the subject matter 
"as a whole" of any pending claim. 

Dependent claims 2, 9 and 16 are each separately patentable because, in addition to not 
generating a list of entitled resources, Kilkkila not disclose or suggest "sending an indication of 
the set of entitled resources to the user." Figure 5B illustrates an embodiment of this feature. 
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Dependent claims 3, 10 and 17 are each patentable for the reasons set forth above in 
connection with the respective parent independent claim. 

Dependent claims 5, 12 and 19 are each patentable for the reasons set forth above in 
connection with the respective parent independent claim. 

Likewise, dependent claims 7, 14 and 21 are each separately patentable because 
Kilkkila/Burke does not obtain "state information" using a "distributed monitoring application." 

For the above reasons, the obviousness rejection should be withdrawn . 

Dependent claims 22-27 are rejected under 35 USC 103(a) as being unpatentable over 
Kilkkila/Burke as applied above, further in view of U.S. Publication No. 2002/0161733 to 
Grainger. Respectfully, this rejection is traversed. 

The scope and content of Kilkkila and Burke have been described above. 

Grainger describes an automated client server-based IP (intellectual property) data 
processing system for managing documents relating to drafting and filing of a U.S. patent 
application. The publication has been cited for the teachings in [0052]-[0054]. Paragraph [0052] 
describes a set-up process, wherein users are assigned roles that play a part in the workflow. 
Rules are established that dictate to whom documents are routed at each stage in the process, how 
often users should be reminded of a task, and what task is required next after each preceding task. 
IP data processing system 100 has a mechanism for notifying users of required tasks, and for 
users to notify the system that tasks are complete. The system makes available (for example, 
through html links to documents stored in database 106) to the appropriate users any documents 
necessary for performing the relevant task (e.g., a maintenance fee due date reminder task sent to 
an appropriate in-house practitioner at a technology developer 1 10(x) may include an html link to 
the allowed patent so the practitioner can quickly review the patent's abstract and claims). As 
described in paragraph [0053], once a customer (e.g., technology developer 110, patent law firm 
120, etc.) has set-up the IP data processing system to their requirements, the functions available 
to a particular client system of a particular customer depend on the role of the client system in the 
patent process. For example, some of the functions provided through Web pages 104 are 
restricted to only certain individuals and thus may not be accessible to others. Thus, Web pages 
104 include different "home" pages that are the initial Web pages displayed to a client system 
based upon the role of the client system in the patent process. These home pages include html 
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links to functions that have been determined to be appropriate for the particular client system as 
part of the set-up procedure. Paragraph [0054] describes an example where the home page that is 
presented to the client system for an inventor working at a particular technology developer 1 10(x) 
is different from the home page that is presented to an in-house practitioner working at the same 
technology developer 1 10(x). 

Claims 22, 24 and 26 recite that the set of resources are identified by Uniform Resource 
Identifiers (e.g., URLs), and further that the "preventing" function provides the user a web page 
without a particular URI for an authorized but non-entitled resource . In Grainger, the functions 
available to a particular client system of a particular customer depend on the role of the client 
system in the patent process, and the functions provided through Web pages 104 displayed to a 
client system are based upon the role of the client system in the patent process and as determined 
"as part of the set-up procedure." The claim language, however, is more specific; the URI for 
"an authorized [but non-entitled] resource" is not provided in the web page; in 
Kilkkila/Burke/Grainger, at most the access right profile command set would be modified but 
"based upon the role of the client system" and "as part of the set-up procedure" i.e., not "in 
response to" an access request that is for an "authorized [but non-]entitled resource." 

Dependent claims 23, 25 and 27 recite that the set of resources may include a resource 
that one user (having a given status) may be entitled to access while another user (not having the 
given status) may not be entitled to access (even though, e.g., the same resource is otherwise 
available). These claims are likewise patentable for the same reasons advanced with respect to 
claims 22, 24 and 26. The Kilkkila/Burke/Grainger combination would not function "in response 
to" an access request that is for an "authorized [but non-]entitled resource." 

For the above reasons, a Notice of Allowance is requested. 

Respectfully submitted, 

/David H. Judson/ 

By: 

David H. Judson, Reg. No. 30,467 

ATTORNEYS FOR APPLICANT 

August 13, 2009 
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